1. What is the OAuth protocol
OAuth (open authorization) is an open standard.
It allows a third-party website to access information a user has stored with a service provider, provided the user authorizes that access.
The user never has to give the third-party website his or her username and password.
Instead, OAuth lets the user hand the third-party website a token. Each token is tied to one specific third-party website and grants access only to specific resources for a limited time.
2. The principle and authorization process of OAuth
The three parties involved in OAuth authentication and authorization are:
Service provider: the service the user uses, which typically stores the user's messages, photos, videos, contacts, files, etc. (for example Twitter or Sina Weibo).
User: a user of the service provider.
Third party: usually a website that wants to access the user's information stored with the service provider.
For example, a website that offers photo printing, whose users want to print the online albums they keep with the service provider.
Before the authorization flow can run, the third party must register with the service provider and obtain a unique identifier for its service.
The OAuth authentication and authorization process is as follows:
1. The user visits a third-party website and wants it to use certain resources the user has stored with the service provider.
2. The third-party website requests a temporary token from the service provider.
3. After the service provider verifies the identity of the third-party website, it grants a temporary token.
4. After the third-party website obtains the temporary token, it will direct the user to the service provider's authorization page to request user authorization. In the process, the temporary token and the return address of the third-party website will be sent to the service provider.
5. The user enters his or her username and password on the service provider's authorization page to authorize the third-party website to access the corresponding resources.
6. After the authorization is successful, the service provider will direct the user to the return address of the third-party website.
7. The third-party website requests an access token from the service provider, presenting the temporary token.
8. The service provider issues an access token to the third-party website based on the temporary token and the user's authorization.
9. The third-party website uses the obtained access token to access the corresponding user resources stored in the service provider.
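The nine steps above, played out by a single Python program. This is an added illustration, not code from the original article: one process acts as the service provider, the third-party site and the user, issues a temporary token to a registered client, lets the user authorize it, exchanges it for an access token, and then enforces the three properties the article attributes to a token (bound to one third party, one set of resources, one validity window). The oauth_verifier returned on the redirect, the client ids and secrets, the user "alice" and her resources are constructed sample values.

```python
"""Toy three-party OAuth flow (added example).  Steps are numbered as in the
article; ids, secrets, users and resources are constructed sample values."""
import hmac
import secrets


class ServiceProvider:
    def __init__(self):
        self.clients = {}        # client_id -> {"secret", "callback"}  (step 0: registration)
        self.temp_tokens = {}    # temporary token -> {"client_id", "scope", "user", "verifier"}
        self.access_tokens = {}  # access token -> {"client_id", "user", "scope", "expires"}
        self.resources = {"alice": {"photos": ["beach.jpg", "cat.jpg"], "contacts": ["bob"]}}
        self.users = {"alice": "correct horse"}   # constructed credentials

    def register_client(self, callback_url):
        """Step 0: the third party registers and receives its unique identifier."""
        client_id, client_secret = secrets.token_urlsafe(8), secrets.token_urlsafe(16)
        self.clients[client_id] = {"secret": client_secret, "callback": callback_url}
        return client_id, client_secret

    def _client_ok(self, client_id, client_secret):
        client = self.clients.get(client_id)
        # constant-time compare so a wrong secret does not leak timing
        return client is not None and hmac.compare_digest(client["secret"], client_secret)

    def request_temp_token(self, client_id, client_secret, scope):
        """Steps 2-3: verify the third party, then hand it a temporary token."""
        if not self._client_ok(client_id, client_secret):
            raise PermissionError("unknown client or bad secret")
        token = secrets.token_urlsafe(16)
        self.temp_tokens[token] = {"client_id": client_id, "scope": scope, "user": None}
        return token

    def authorization_url(self, temp_token):
        """Step 4: where the user is sent.  The return address comes from the
        registration record, so the request cannot redirect the user elsewhere."""
        cb = self.clients[self.temp_tokens[temp_token]["client_id"]]["callback"]
        return f"https://provider.example/authorize?oauth_token={temp_token}&callback={cb}"

    def user_authorizes(self, temp_token, username, password):
        """Steps 5-6: the user logs in at the provider and approves; the provider
        redirects back to the third party with the token and a one-time verifier."""
        if not hmac.compare_digest(self.users.get(username, ""), password):
            raise PermissionError("bad user credentials")
        state = self.temp_tokens[temp_token]
        state["user"], state["verifier"] = username, secrets.token_urlsafe(8)
        cb = self.clients[state["client_id"]]["callback"]
        return f"{cb}?oauth_token={temp_token}&oauth_verifier={state['verifier']}"

    def exchange(self, client_id, client_secret, temp_token, verifier, now, ttl=3600):
        """Steps 7-8: swap the authorized temporary token for an access token."""
        if not self._client_ok(client_id, client_secret):
            raise PermissionError("unknown client or bad secret")
        state = self.temp_tokens.pop(temp_token, None)   # single use
        if state is None or state["client_id"] != client_id:
            raise PermissionError("temporary token was not issued to this client")
        if state["user"] is None or not hmac.compare_digest(state["verifier"], verifier):
            raise PermissionError("temporary token was not authorized by the user")
        token = secrets.token_urlsafe(24)
        self.access_tokens[token] = {"client_id": client_id, "user": state["user"],
                                     "scope": state["scope"], "expires": now + ttl}
        return token

    def get_resource(self, access_token, client_id, resource, now):
        """Step 9: serve the resource only to the client, scope and time the token covers."""
        info = self.access_tokens.get(access_token)
        if info is None or info["client_id"] != client_id:
            raise PermissionError("token not valid for this client")
        if now >= info["expires"]:
            raise PermissionError("token expired")
        if resource != info["scope"]:
            raise PermissionError("token does not cover this resource")
        return list(self.resources[info["user"]][resource])


def denied(fn, *args):
    """True if the call is refused with PermissionError."""
    try:
        fn(*args)
    except PermissionError:
        return True
    return False


def run_flow(now=0):
    """Drives the nine steps end to end for the photo-printing example."""
    sp = ServiceProvider()
    client_id, client_secret = sp.register_client("https://printshop.example/callback")
    temp = sp.request_temp_token(client_id, client_secret, scope="photos")
    sp.authorization_url(temp)                          # the user follows this link
    redirect = sp.user_authorizes(temp, "alice", "correct horse")
    verifier = redirect.rsplit("oauth_verifier=", 1)[1]
    access = sp.exchange(client_id, client_secret, temp, verifier, now)
    return sp, client_id, access, sp.get_resource(access, client_id, "photos", now)


if __name__ == "__main__":
    provider, cid, token, photos = run_flow()
    print("photos readable:", photos)
    print("contacts denied:", denied(provider.get_resource, token, cid, "contacts", 0))
    print("after expiry denied:", denied(provider.get_resource, token, cid, "photos", 3600))
```

The checks in `get_resource` are the point of the example: the same access token that returns the photo album is refused for the contacts list, for any other client id, and once the clock passes `expires`. The temporary token is removed when it is exchanged, so it cannot be replayed for a second access token.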
3. Which websites currently support OAuth?
t.sina.com.cn
t.qq.com
t.sohu.com
t.163.com
www.douban.com
www.twitter.com
www.facebook.com
Google Buzz
Interface: /oauth/token?
Parameters (grant_type is fixed; the other two are supplied by the caller):
grant_type=password
username=development@cybergate-tech.com
password=oQd-BfT-cer-7LP
Full sample: http://localhost:9000/oauth/token?grant_type=password&username=development@cybergate-tech.com&password=oQd-BfT-cer-7LP
Return result example:
{ "access_token": "beeaa54e-8391-4de0-8ba6-ce145b3fb812", "token_type": "bearer", "refresh_token": "8129769a-d804-46c7-856a-3bacd409b650", "expires_in": 3599, "scope": "read write" }
Interface: http://localhost:9000/oauth/token?
Parameters (refresh_token is taken from the refresh_token field of the previous response; the other parameters are fixed):
client_id=dashboard
client_secret=secret
grant_type=refresh_token
Full sample: http://localhost:9000/oauth/token?client_id=dashboard&client_secret=secret&grant_type=refresh_token&refresh_token=43dca105-627e-4f50-86e8-0c22c2f3abe9
Return result example:
{ "access_token": "0135c92b-12ab-4af9-88f4-97ef85115e71", "token_type": "bearer", "refresh_token": "75d209b5-a30d-43a8-abcd-850e7fb62e76", "expires_in": 3599, "scope": "read write" }
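The client side of the two token-endpoint calls above, as an added example; it is not code from the article or from the server behind localhost:9000. The article's samples put grant_type, username, password and client_secret in the query string of a URL. RFC 6749 has the client POST these in the form body and send the client credentials in an HTTP Basic Authorization header, which keeps the user's password and the client secret out of URL-based access logs and browser history; the request builders below do that. `TokenStore` parses the two response bodies the article prints (reused here verbatim as offline stand-ins for the server), turns `expires_in` into an absolute expiry, and decides when to send the refresh request; on a refresh it adopts the rotated refresh_token. The transport is left out so the block runs offline; the request dicts can be handed to any HTTP client. The password grant is kept only because the article uses it; current OAuth security guidance recommends the authorization code flow instead.

```python
"""Token-endpoint client for the password and refresh_token grants (added
example).  Response bodies are the ones printed in the article."""
import base64
import json
from urllib.parse import urlencode

TOKEN_URL = "http://localhost:9000/oauth/token"   # endpoint named in the article


def _headers(client_id, client_secret):
    # client credentials travel in the Authorization header, not in the URL
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {"Authorization": f"Basic {creds}",
            "Content-Type": "application/x-www-form-urlencoded"}


def password_grant_request(client_id, client_secret, username, password):
    """grant_type=password: the user's own credentials, sent once in a POST body."""
    return {"method": "POST", "url": TOKEN_URL,
            "headers": _headers(client_id, client_secret),
            "body": urlencode({"grant_type": "password",
                               "username": username, "password": password})}


def refresh_grant_request(client_id, client_secret, refresh_token):
    """grant_type=refresh_token: trade the refresh token for a new access token."""
    return {"method": "POST", "url": TOKEN_URL,
            "headers": _headers(client_id, client_secret),
            "body": urlencode({"grant_type": "refresh_token",
                               "refresh_token": refresh_token})}


class TokenStore:
    """Holds the current token pair and knows when it is about to expire."""

    def __init__(self, skew=60):
        self.access_token = None
        self.refresh_token = None
        self.expires_at = None     # absolute time, derived from expires_in
        self.scope = ()
        self.skew = skew           # refresh this many seconds early

    def load(self, response_body, now):
        data = json.loads(response_body)
        if data.get("token_type", "").lower() != "bearer":
            raise ValueError(f"unexpected token_type {data.get('token_type')!r}")
        self.access_token = data["access_token"]
        # a refresh response may rotate the refresh token; keep the old one if absent
        self.refresh_token = data.get("refresh_token", self.refresh_token)
        self.expires_at = now + int(data["expires_in"])
        self.scope = tuple(data.get("scope", "").split())
        return self

    def needs_refresh(self, now):
        return self.expires_at is None or now + self.skew >= self.expires_at

    def bearer_header(self):
        return {"Authorization": f"Bearer {self.access_token}"}


# The two response bodies printed in the article.
PASSWORD_RESPONSE = ('{ "access_token": "beeaa54e-8391-4de0-8ba6-ce145b3fb812", '
                     '"token_type": "bearer", "refresh_token": "8129769a-d804-46c7-856a-3bacd409b650", '
                     '"expires_in": 3599, "scope": "read write" }')
REFRESH_RESPONSE = ('{ "access_token": "0135c92b-12ab-4af9-88f4-97ef85115e71", '
                    '"token_type": "bearer", "refresh_token": "75d209b5-a30d-43a8-abcd-850e7fb62e76", '
                    '"expires_in": 3599, "scope": "read write" }')


def demo(now=1_000_000):
    """Obtain tokens, wait until they are about to expire, refresh.  Returns the
    store, the first refresh token and the refresh request that was built."""
    store = TokenStore().load(PASSWORD_RESPONSE, now)
    first_refresh = store.refresh_token
    later = now + 3599 - 30            # inside the 60 s skew window
    request = None
    if store.needs_refresh(later):
        request = refresh_grant_request("dashboard", "secret", store.refresh_token)
        store.load(REFRESH_RESPONSE, later)   # stand-in for the server's reply
    return store, first_refresh, request


if __name__ == "__main__":
    s, old, req = demo()
    print("refresh request body:", req["body"])
    print("refresh token rotated:", old != s.refresh_token, "new access token:", s.access_token)
```

`needs_refresh` treats the token as expired `skew` seconds early so a request issued just before the deadline does not reach the resource server with a dead token. After the refresh the store holds the new refresh_token from the second response body, so the one used for the request is not kept around.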
The above is the detailed content of oAuth authentication and authorization. For more information, please follow other related articles on the PHP Chinese website!